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(57) ABSTRACT 

A method and system for hcense authentication over a 
network. An on-hne vendor receives a digital certificate that 
includes a public key associated with a consumer, and a 
digital signamre of the consumer. A license packet is gen- 
erated that includes a unique serial number. A record that 
includes the digital certificate is stored in a memory. The 
hcense packet is optionally encrypted with the public key 
associated with the consumer, and the license packet is 
forwarded to the consumer. When a post-sale service is 
required, the consumer generates a request that includes the 
digital signature of the consumer, and the request is for- 
warded to the vendor. The vendor accesses the memory to 
authenticate that the request was sent by the consumer, and 
if so, the service request is fulfilled. 

13 Claims, 1 Drawing Sheet 
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NETWORK LICENSE AUTHENTICATION 
HELD OF THE INVENTION 

The present invention relates to authentication of rights 
over a network, and specifically to a mechanism for elec- 
tronically authenticating that a purchaser has a license to use 
certain resources. 

BACKGROUND OF THE INVENTION 

The use of the Internet as a sales medium is greatly 
increasing, [f a product is in an electronic format, such as a 
software program, or digitized music, the entire transaction 
from payment to shipment of the product can be handled 
without human interaction through software running on the 
vendor's World Wide Web (Web) site. Where the product 
cannot be electronically downloaded, the Internet can be 
used as a mechanism for selection of and payment for the 
product. The product can then be shipped to the consumer 
through conventional channels. 

From a consumer standpoint, purchasing a product over 
the Internet reduces costs associated with traveling to a 
merchant, and substantially reduces the amotmt of time it 
would otherwise take to purchase the product. From a 
vendor's standpoint, use of the Internet as a sales medium 
greatly reduces overhead. Leases, buildings, and furnishings 
necessary for a physical presence are eliminated. The fabu- 
lous success of some of the first Internet-based "virtual" 
stores lends credibility to the estimates of the magnitude of 
future Internet-based sales. 

Mechanisms for purchasing goods over the Internet are 
well known. A vendor implements a Web site which allows 
a consumer, through the use of a browser, to select the 
desired goods. After the goods are selected, the consumer 
typically enters a credit card number to complete the sale. 
The credit card number is typically encrypted at the browser 
and decrypted at the vendor's Web site, to reduce or elimi- 
nate the possibihty of a third party intercepting the credit 
card number. 

Many vendors use the Internet for post-sale support as 
well. It is not uncommon for a purchaser of software to be 
directed to the vendor's Web site to download recent 
patches, upgrades, or to seek support. Even where the initial 
purchase was not consummated over the Internet, consumers 
are often directed to a vendor's Web site for sudi post-sale 
support. Such support can include the ability to search 
databases of known problems and suggested resolutions, the 
ability to access in-depth technical information about a 
product, or the ability to communicate via e-mail with a 
support representative, for example. Post-sale support inter- 
action with the consumer will become an increasingly 
important distinguishing feature of Internet-based vendors, 
since such vendors frcquendy oflPer goods at nearly identical 
prices. 

Currently, providing post-sale support can be very expen- 
sive for a vendor. Before support is provided, it is typically 
desirable to authenticate that the individual seeking support 
is a customer of the vendor. Where support requests are 
initiated by telephone, a customer representative typically 
requires the caller to provide a unique identifier, such as a 
serial mmaber which accompanied the product, before sup- 
port will be provided. A product serial nimiber is also 
frequently required when the consimfier seeks support over 
the Internet One problem with using a serial number for 
authentication purposes is that a valid customer can share 
the serial number with other individuals who can then use 
the serial number to access the vendor's support services, 
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even though those individuals never purchased a product. 
For example, after copying a bona fide purchaser's licensed 
software, and serial ntmaber, such individuals can use the 
serial number to obtain free upgrades to products which they 

5 illegally copied in the first place. 

Providing support services to unauthorized users results in 
loss of revenue and requires larger support resources than 
would otherwise be required. Because vendors are not 
compensated for such unauthorized use of post-sale 

10 services, it will become increasingly important for Intemet- 
based businesses to ensure that the entity seeking support is 
a valid customer. Ideally, the complete process from pur- 
chase of a product over the Internet to subsequent post-sale 
access of a vendor's Web site could be handled 

15 automatically, without htmian intervention, and yet in an 
extremely secure fashion such that unauthorized individuals 
cannot utilize the vendor's post -sale resources. Moreover, 
the ability to detect a request from an unauthorized, or 
unlicensed user allows the vendor to offer the user the 
opportunity to purchase a licensed product. 

U.S. Pat. No. 5,715,314 to Payne et aL discloses a 
network-based sales system relating to an initial purchase of 
a product over a network. The system includes a buyer 
computer, a merchant computer and a payment computer. 

^ The buyer computer sends an access message that includes 
a product identifier and an access message authenticator 
based on a cryptographic key to the merchant computer. The 
merchant computer verifies that the access message authen- 
ticator was created using the cryptographic key, and then 
causes the product to be sent to the user. 

U.S. Pat. Nos. 5,138,712; 5,553,143; 5,553,139; and 
4,924,378 relate to distribution or management of software 
licenses during installation or execution of software on a 

2j computer. None of the references appear to disclose elec- 
tronic mechanisms for authenticating customers for post- 
sale support. 

It is apparent that a method and system that electronically 
and automatically vaUdates that a requestor of a resource, 
40 such as a post-sale service, is a valid purchaser of the 
vendor's product would be highly beneficial, and would 
reduce costs associated with providing post-sale support 
services. 

45 SUMMARY OF THE INVENTION 

It is one object of the present invention to provide a 
method and system for greatly reducing costs associated 
with providing network-based post-sale support services. 

It is another object of the present invention to provide a 
method and system for reducing or ehminating human 
involvement in granting a license to use a product. 

It is yet another object of the present invention to provide 
a method and system for reducing human involvement in 
55 verifying the authenticity of a customer. 

It is still another object of the present invention to provide 
a method and system for eliminating unauthorized access to 
a vendor's support resources. 

Additional objects, advantages and novel features of the 
60 invention will be set forth in part in the description which 
follows, and in part will become apparent to those skilled in 
the art upon examination of the following or may be leamed 
by practice of the invention. The objects and advantages of 
the invention may be realized and attained by means of the 
65 instrumentalities and combinations particularly painted out 
in the appended claims. To achieve the foregoing and other 
objects and in accordance with the purpose of the present 
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invention, a method and system are provided for authenti- public key and digital signamre associated with the 

eating a license over a network. The method includes requestor is generated. A license granting entity receives the 

receiving a digital certificate that includes a public key first packet, authenticates the first packet and generates a 

associated with a requestor, and a digital signature associ- license packet The license packet includes a unique serial 

ated with the requestor. A license packet is generated that 5 number and a digital signature associated with the license 

includes a unique serial number A record that includes the granting entity. A record that includes the digital certificate 

digital certificate associated with the requestor is stored in a stored in a memory. The license granting entity encrypts 

memory. A digital signature is generated and included in the Mccnst packet with the pubHc key and forwards the 

Ucense packet. The license packet is encrypted with the Ucense packet to the requestor. A second packet including a 

public key associated with the requestor, and the license ^^^^^^^ ^ resource and the unique serial number is 

packet IS forwarded to the requestor. The requestor subse- communicated fi-om the requestor to a hcense inspection 

quendy issues a request for a service, such as post-sale g^j^y ^^^^ demand for a post-sale resource. An authenti- 

support services, the request including the digital signature ^^^^^^^ utility receives the second packet and authenticates 

associated with the requestor. The memory is accessed and that the second packet was forwarded by the requestor 

the request is authenticated, and if the request is authentic, 35 ^^^^^^ g^^j^g requestor access to the resource, 
the request is fulfilled. 

According to one embodiment of this invention, public/ BRIEF DESCRIPTION OF THE DRAWINGS 
private key encryption is tised to authenticate the requestor. 

There are two stages in the authentication process according accompanymg drawmgs mcorporated m and formmg 

to this invention. Afirst stage involves a purchaser providing 20 ^ °^ specification, iUustrate several aspects of the 

certain identifying information, such as a digital certificate, present invention, and together with the description serve to 

that the vendor stores in a license store. The second stage ^^^^ principals of the mvention. In the drawings: 

involves a request for services. The request includes infor- FIG. 1 is a block diagram illustrating certain aspects of the 

mation that the vendor can use to search the license store to present invention; 

authenticate that the entity seeking services is the same 25 FIG. 2 is a block diagram illustrating communications 

entity that provided the identifying information in the first between a requestor and a license granting entity according 

stage. The first stage typically occurs during the initial to one embodiment of the present invention; and 

interaction between the requestor and the product vendor, pjQ 3 ^lock diagram illustrating interaction between 

for example upon initial purchase of the product for a a requestor and a hcense inspector according to one embodi- 

network-based sale, or during electronic registration for a 30 ment of the present invention. 

conventional purchase. The requestor forwards a digital „ , . j • j * -i * r j 

certificate identifying a public key associated with the ^^^^J^"^ "'f "I detail to prefe;rred 

, , ^ ^ \ , T ^ . embodiments of the mvention, examples of which are illus- 

rcquestor to the vendor over a network, such as the Internet. . * j • • j • u - 11 1 

T-u- J- 1 * • J • i- . ^ 1 . u-ated m the accompanymg drawmgs, wherem like numerals 

This digital certificate is saved m the license store for later • a- , 1 f l . *l 

r . - ^ , ^ L .1 . mdicate the same elements throughout the views, 

authentication of a post-sale request by the requestor. 35 ^ 

If the product is purchased and dovmloaded over the DETAILED DESCRIPTION OF PREFERRED 

Internet, the unique serial number can be generated by the EMBODIMENTS 
vendor and forwarded to the requestor. If the purchase was 

through a channel other than the Internet, the serial number FIG. 1 is a block diagram illustrating certain aspects of the 

could accompany the actual product, and could be included 40 present invention. A requestor 22 can comprise an entity 

in the request from the requestor to the vendor for post -sale which seeks to obtain a product, such as a software program, 

support or during a preliminary transaction, such as regis- over a network, such as the Internet. Requestor 22 typically 

tration of the product. The vendor maintains a license store includes a network-attached computer, a software program 

of records obtained from requestors. Each record can include capable of communicating over a network, such as a 

a digital certificate that is associated with a particular 45 browser, and a user that uses the computer and browser to 

requestor. Upon a request for post-sale support, the vendor interact with a vendor's electronic business, such as a World 

accesses the license store and determines if the digital Wide Web (Web) site. A software distribution agent 18 

signamre associated with the request can be authenticated receives a request from requestor 22 to obtain a product, 

either with a requestor certificate in the license store or with Software distribution agent 18 can comprise an electronic 

a digital certificate sent with the request. Either of the digital 50 embodiment of a product manufacturer or a reseller. The 

certificates should be authenticated with the certifying interface used by software distribution agent 18 to interact 

authority before use. For further verification the serial num- with requestor 22 is typically one or more Web pages. Such 

bcr can be included in the request, and the serial number can Web pages are well known to those skilled in the art, and can 

likewise be authenticated against a serial number maintained be accessed by a number of commercially available Web 

in the record from the license store. If the digital signature 55 browsers, such as MICROSOFF INTERNET EXPLORER 

and/or Ucense number in the request are authenticated or NETSCAPE NAVIGATOR Such Web sites typically 

against a record maintained in the Ucense store, access to allow the communication of information in an encrypted 

post-sales support can be given to the requestor. Because formal, such as the Secure Sockets Layer of the HTTP 

private keys are not generally shared among users, the use protocol. Use of encryption greatly reduces, or eliminates, 

of a digital signature as an authentication mechanism elimi- 60 chance that a third party can obtain confidential 

nates unauthorized access of post-sale services. Moreover, a information, such as a credit card number, used by requestor 

hardware token can be used to completely inhibit sharing of 22 to pay for the product purchased from software distribu- 

private keys, providing further confidence in the post-sale tion agent 18. 

service request. Software distribution agent 18 communicates the success- 
According to another embodiment of the present 65 fill acquisition of a product to a license granting entity 26. 
invention, a system for validating a request from a requestor The phrase "license" as used herein refers to a right to a 
is provided. A first packet having a digital certificate with a certain thing. License granting entity 26 can obtain a unique 
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serial number and incoiporale the serial nximber into the 
software that will be downloaded to requestor 22. The 
product can then be downloaded to requestor 22 for instal- 
lation on the respective computer. While a product is being 
installed on a computer, it is common for a dialog box to s 
display the terms of a license agreement. The user can 
typically either accept the terms of the license agreement by 
ch eking "OK" on a button within the dialog box, or reject 
the terms of the license agreement, in which event the 
software installation process terminates. If the user accepts jq 
the terms of the license agreement, the product is installed 
on the computer. 

According to another aspect of the present invention, 
software distribution agent 18 immediately downloads the 
software to requestor 22 instead of communicating with 15 
hcense granting entity 26. Upon acceptance of the terms of 
the license agreement, the installation software communi- 
cates directly with license granting entity 26 and obtains a 
serial number for use with the software. 

FIG. 2 illustrates in greater detail the communications 20 
during the initial grant of a license to requestor 22. For 
simplicity of illustration, it is assumed that license granting 
entity (LGE) 26 and software distribution agent 18 are one 
entity, represented by LGE 26. The present invention can be 
described as occurring in two phases. During the first phase 25 
of the invention, a purchaser provides certain identifying 
information to the vendor. This information will be used in 
the second phase to authenticate that a subsequent request 
for post-sale services originates from a licensed user. FIG. 2 
relates to the first phase of the invention. In a first embodi- 30 
ment of the present invention, it is assumed that an elec- 
tronic product, such as a software program, is purchased 
over the Internet. While the invention will be described with 
reference to the purchase of a software program, it is 
apparent that the invention could be used with other digital 35 
products, such as digitaJ music, or digital publications, such 
as books or magazines. At some point during the installation 
of the product on the computer associated with requestor 22, 
a decision will be made to grant a license to requestor 22. 
This license gives requestor 22 the right to xise the product, 40 
and the right to access post-sale support resources of the 
vendor. This license grant may occur immediately after a 
user has assented to the terms of a legal hcense agreement. 
Alternatively, it may occur during a software registration 
phase after the installation of the software on the computer. 45 
In either event, the process described herein with regard to 
FIG. 2 relates to requestor 22 obtaining a hcense, or grant of 
a right, from the vendor to future support-related services. 

The present invention uses pubUc key cryptography for 
encryption and identification purposes. Public key cryptog- 50 
raphy is a technology well known to those skilled in the art, 
and will not be discussed in detail herein. Mechanisms for 
updating and/or changing pubhc key pairs are also well 
known to those skilled in the art, and will not be discussed 
in detail herein. Each requestor 22 obtains a unique public 55 
key and private key. The public key is made pubUcly 
available. PubUc key cryptography provides two primary 
functions, encryption and identification. Briefly, the encryp- 
tion aspects of public key cryptography involve encrypting 
a message with the public key of the entity to whom the 60 
message will be sent, and then forwarding the encrypted 
message to the recipient The message can only be decrypted 
with the recipient's private key, precluding other entities 
from reading the message. Thus, the recipient publishes its 
public key to allow entities to generate and forward to the 65 
recipient an encrypted message, but maintains its private key 
in confidence. 



Another aspect of public key encryption relates to 
identification, or authentication. A sender generates a 
message, and then applies an algorithm to the message to 
create a message digest The message digest is encrypted 
with the sender's private key, creating a "digital signature" 
of the sender. The recipient receives the message and applies 
the same algorithm to the message to create a locally 
generated message digest. The sender's pubfic key is then 
used to decrypt the sender's "digital signature" and the 
decrypted digital signature is compared to the locally gen- 
erated message digest. If they are identical, the authenticity 
of the message is established, because only the entity in 
possession of the private key could have created the digital 
signature. 

One problem with public key cryptography relates to 
authenticating the validity of an entity's public key. For 
example, assume User C sends User A a message and alters 
the return address field to make the message appear as if it 
were sent by User B. The message includes a pubhc key 
allegedly belonging to User B. In short. User C pretends she 
is User B. Not knowing that the message originated from 
User C, User A believes the pubhc key belongs to User B. 
User A uses the public key to encrypt a new message and 
send it to User B. User C intercepts the message and uses its 
private key (which corresponds to the public key it for- 
warded to User A) to decrypt and read the message that was 
intended for User B. To prevent this deceptive practice, 
certification organizations have been created for the purpose 
of providing authentication of public keys. This authentica- 
tion typically takes the form of a digital "certificate." A 
certificate is an authentication, or credential, that the public 
key is in fact an authentic public key of a particular entity. 
The certificate includes the entity's pubhc key and is digi- 
tally signed, as described above, by the certification orga- 
nization. Because the certification organization's pubhc key 
is well known and easily available, it is easy for an entity to 
validate the authenticity of the certificate itself. 

Requestor 22 generates a license request 24 and commu- 
nicates the hcense request 24 to LGE 26. As indicated above, 
this hcense request could occur at any one of several 
different stages. For example, the hcense request could be 
generated at the time of product purchase, during the instal- 
lation of the software upon acceptance of the terms of a 
hcense agreement, or during subsequent registration of the 
product. The LGE 26 can be a separate entity or the same 
entity from which requestor 22 purchased the produa. The 
hcense request 24 includes a digital certificate, which 
includes the public key associated with requestor 22. 
License request 24 also includes a digital signature of 
requestor 22. LGE 26 receives license request 24 and obtains 
a unique serial number from the serial number store 28. 
Serial number store 28 can comprise a list or database of 
unique serial numbers, or a software module that provides 
unique serial numbers upon request LGE 26 creates a 
Hcense packet 30 which includes the serial ntimber obtained 
from serial number store 28, and optionally hcense request 
24. LGE 26 can also digitally sign license packet 30. License 
packet 30 is stored in a memory such as hcense store 32. 
License store 32 can comprise any type of digital storage 
device, such as a random access memory, or a persistent 
storage device such as a hard drive. Although it is not 
necessary for LGE 26 to digitally sign license padcet 30, the 
digital signature can be used to ensure that the hcense packet 
30 has not been tampered with when LGE 26 later obtains 
the hcense packet 30 from hcense store 32 for authentication 
purposes. LGE 26 then preferably uses the pubhc key of 
requestor 22 (obtained from Ucense request 24) to encrypt 
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license packet 30 to create a license packet 34, which is then 
communicated to requestor 22. By encrypting license packet 
34 with the public key of requestor 22, it is ensured that the 
packet cannot be utilized by an entity that intercepts license 
packet 34, however, it is not mandatory that license packet s 
30 be encrypted. LGE 26 can also digitally sign license 
packet 30 with its private key before forwarding it to 
requestor 22, so that requestor 22 can verify that the packet 
came from LGE 26. Requestor 22 decrypts license packet 34 
with its private key, and stores the serial number contained jq 
therein for later use, as described below. 

According to another embodiment of the present 
invention, requestor 22 may have purchased a product 
through conventional channels, such as at a retail outlet. 
Future support of the product may be dependent upon 15 
registration of the product with the vendor^s Web site. In this 
embodiment, requestor 22 generates a license request 24 
which includes a certificate and a digital signature. However, 
included in the license request 24 is a serial number which 
accompanied the product. Requestor 22 transmits license 20 
request 24 to LGE 26. LGE 26 retrieves the serial number 
from license request 24 and validates the serial number with 
serial number store 28. Serial number store 28 ensures that 
the serial number is a valid serial number. If valid, LGE 26 
digitally signs license packet 24 to create a license packet 25 
' 30, and stores license packet 30 in license store 32. LGE 
encrypts license packet 22, forming a license packet 34, and 
communicates license packet 34 to requestor 22. 

FIG. 3 is a block diagram showing aspects of what can be 
described generally as the second phase of the invention, 30 
wherein an entity seeks post-sale services, and the vendor or 
service provider authenticates that the request originated 
from a licensed entity before access will be given to such 
services. Services that requestor 22 may seek include, for 
example, a software upgrade, access to a knowledge base of 35 
information about the product, or e-mail interaction with a 
technical service representative. Limiting such services to 
licensed users reduces overall costs for a vendor. 

To initiate such a request, requestor 22 may access the 
Web site of the vendor, again with a conventional software 40 
utility such as a browser. The browser can use a "plug-in" 
specifically designed by the vendor to locate the serial 
number information on the computer associated with 
requestor 22, or can request that the user enter the serial 
number. The plug-in preferably generates a service request 45 
packet 36 which includes the serial number and the digital 
signature of requestor 22. Optionally, the digital certificate 
associated with requestor 22 can be included in service 
request packet 36. A license inspector 40 receives packet 36. 
License inspector 40 can be the same entity as the product 50 
vendor, or could be a separate service entity set up to handle 
such requests. Inspector 40 extracts the serial ntimber &om 
service request 36 and obtains the license packet associated 
with requestor 22 firom license store 32 which had been 
previously stored by LGE 26. The license packet obtained 55 
firom license store 32 can include the digital certificate of 
requestor 22, or the service request packet 36 may have 
contained the digital certificate of requestor 22. In either 
event, the digital certificate is itself preferably authenticated 
with the root key of the certifying authority. If valid, the 60 
public key from the digital certificate is used to decrypt the 
digital signature which accompanies the service request 36. 
Authentication can comprise ensuring that the digital sig- 
nature of service request 36 can be decrypted with the pubhc 
key from the Hcense packet, and by comparing the serial 65 
number firom the license packet with the serial number that 
accompanied the service request. Additionally, a certifica- 
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tion revocation list (CRL) of public keys that have been 
revoked can be accessed. If the public key is on the CRL, 
access to requestor 22 can be denied. If requestor 22 is 
authenticated, inspector 40 informs requestor 22, as illus- 
trated by arrow 42, that access to the desired service 46 is 
permitted. Requestor 22 can then access the desired service 
46, as illustrated by arrow 44. If, is not authenticated, 
requestor 22 is denied access to service 46. 

In the event requestor 22 is not authenticated, the vendor 
can inform the user that the software program is tmUcensed, 
and give the user the immediate opportunity to purchase a 
licensed copy of the software. Moreover, the serial number 
can be used to determine the authorized user, and a com- 
munication can be sent to such tiser, such as by e-mail, for 
example, that an entity is attempting to use the serial number 
associated with this software to obtain support services. 

The method and system according to the present invention 
eliminate the need for a vendor to provide human interaction 
to authenticate that an entity seeking support resources is in 
fact a licensed entity. Through the use of a digital certificate 
and public key cryptography, the vendor can be sure that the 
entity seeking access to the service is a licensed user, 
reducing overall support costs, and providing an opportunity 
for additional sales upon recognition of an unauthorized 
entity seeking services. 

The foregoing description of preferred embodiments of 
the invention has been presented for purposes of illustration 
and description It is not intended to be exhaustive or to limit 
the invention to the precise form disclosed, and obviously 
many modifications and variations are possible in light of 
the above teachings. The embodiments were chosen and 
described in order to best explain the principles of the 
invention and its practical application to thereby enable one 
skilled in the art to best utiUze the invention in various 
embodiments and with various modifications as are suited to 
the particular use contemplated. It is intended that the scope 
of the invention be defined by the claims appended hereto. 

What is claimed is: 

1. A method for validating a request, comprising: 
receiving, by a licensor, a hcense request including a 

digital certificate having a public key associated with a 
requestor, and a digital signature associated with the 
requestor; 

generating a license packet that includes a unique serial 
number; 

storing a record including the Kccnse packet in a memory 
wherein the record is encrypted with a public key 
associated with the Ucensor before being stored in the 
memory; 

generating a digital signature associated with the Ucensor 

and including the digital signature in the license packet; 
forwarding the license packet to the requestor; 
receiving a service request from the requestor, the service 

request including the digital signature associated with 

the requestor; and 
authenticating that the service request was sent by the 

requestor, and if so, fulfiUing the request. 

2. A method according to claim 1, wherein the memory 
comprises a hcense store being operative to contain a 
plurality of license packets associated with a plurahty of 
requestors. 

3. A method according to claim 1, wherein the license 
request includes a digital certificate associated with the 
requestor, and the record includes the digital certificate. 

4. A method according to claim 3, wherein the authenti- 
catitig step comprises extracting the pubHc key associated 
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with the requestor from the record, and using the public key 
to authenticate the request. 

5. A method according to claim 1, wherein the unique 
serial number is obtained from a serial number store, the 
serial number store having a plurality of unique serial 5 
numbers. 

6. A method according to claim 1, wherein the license 
request includes the unique serial number. 

7. A method according to claim 1, wherein the service 
request includes the unique serial number. lo 

8. A method according to claim 1, wherein the service 
request includes a digital certificate associated with the 
requestor, and the authenticating step comprises determining 
that the digital certificate was digitally signed by a valid 
certifying authority, and using a public key associated with 15 
the digital certificate to authenticate the request. 

9. A computer-implemented method for validating an 
electronic request for a service, comprising: 

providing to a user terms of a license agreement associ- 
ated with a good; 2i3 

receiving, from the requestor, an indication to be bound 
by the terms of the license; 

generating a first packet that includes a certificate having 
a public key associated with the requestor, and a digital ^ 
signature of the requestor; 

communicating the first packet to a license granting 
entity; 

obtaining, by the license granting entity, a serial number; 
generating a second packet that includes the serial num- ^0 
ber; 



storing the second packet in a store; 
forwarding the second packet to the requestor; 
receiving the second packet; 

generating a request to obtain a service from a provider 
associated with the good, the request including the 
serial number and the digital signature of the requestor; 

forwarding the request to the provider; 

determining if the request is authentic, and if so, provid- 
ing access to the service; and 

encrypting the second packet with a pubhc key associated 
with the license granting entity before storing the 
second packet in the store. 

10. A method according to claim 9, wherein the deter- 
mining step comprises determining if one of the serial 
number and the digital signature from the request has a 
corresponding entry in the store. 

11. A method according to claim 9, further comprising 
installing the good on the cKent computer in response to 
receiving the second packet. 

12. A method according to claim 11, fiirther comprising 
validating the serial number from the second packet before 
installing the good on the client computer. 

13. A method according to claim 9, further comprising 
authenticating, by the license granting entity, that the digital 
certificate was digitally signed by a certifying authority. 
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